mirror of
https://github.com/gravitational/teleport
synced 2024-10-19 16:53:57 +00:00
permission-warning.mdx: Advise NOT TO give access,editor to users (#28091)
* permission-warning.mdx: Advise NOT TO give access,editor to users
* Give users an alternative rather than indicating what not to do

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>

---------

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
This commit is contained in:
parent
20dcb2b449
commit
a82f2d8587
|
@ -12,7 +12,10 @@
|
|||
numbered < `1024` (e.g. `443`).
|
||||
- Follow the "Principle of Least Privilege" (PoLP). Don't give users
|
||||
permissive roles when giving them more restrictive roles will do instead.
|
||||
For example, assign users the built-in `access,editor` roles.
|
||||
For example, don't assign users the built-in `access,editor` roles, which give
|
||||
them permissions to access and edit all cluster resources. Instead, define
|
||||
RBAC roles with the minimum required permissions for each user and configure
|
||||
Access Requests for elevated permissions.
|
||||
- When joining a Teleport resource service (e.g., the Database Service or
|
||||
Application Service) to a cluster, save the invitation token to a file.
|
||||
Otherwise, the token will be visible when examining the `teleport` command
|
||||
|
|
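Review bot: In the added sentence "don't assign users the built-in `access,editor` roles", the two role names share one code span, which reads as a single role called `access,editor`; write them as `access` and `editor` so readers can match each against the role names they see in their cluster. The replacement advice ("define RBAC roles with the minimum required permissions for each user and configure Access Requests") names two features but gives no pointer to how to set either one up, so consider linking each to its guide in the docs to make the alternative actionable. The phrase "minimum required permissions for each user" could also be read as one role per user; if the intent is roles scoped per job function and assigned to users, say so.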